We help IT Professionals succeed at work.

Exchange 2003 Message Looping

1,196 Views
Last Modified: 2010-05-18
Hi,
Recently we had an issue where an Email was being looped in our Exchange. This caused the bandwidth to skyrocket and slowed the sytem right down.

We were able to stop the problem by blocking the senders domain. It then just took a while for the thousands of emails left the in queues to filter out.

Basically what happened was, an email was sent to an address at our domain that didnt exist. Our exchange responded with a non delivery report. The address that the original email was sent from also didnt actually exists so the email got stuck in an endless loop.

Is there a way to stop this happening in Exchange 2003?
Comment
Watch Question

tigermattSite Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Thanks for the quick reply Tigeratt,

The recipient filtering checkboxes are already checked, on both the message delivery and the SMTP virtual server as we have had this problem before and checked these boxes as a result.

Is there anything else that can be done to stop this?
tigermattSite Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:
Did the mail loop keep going on for ever? This is unusual - from what I have seen anyway, loops will tend to stop after a period of time.

If those boxes are already checked, I'm not sure there's anything else to do in order to prevent a mail loop. That's the configuration I use and it tends to be quite successful.

Author

Commented:
Yes it just continued forever, until we blocked their domain. The looping then stopped and the queues and system speed eventually got back to normal.
tigermattSite Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:
Well there's no other options in Exchange which I can think of enabling to prevent this behaviour. I can't see how Directory Filtering is helping, because it should be closing the SMTP session before any NDRs can even be generated. Strange.

Author

Commented:
My understanding of the recipeient filtering feature as well is that, when their exchange talks to our exchange it says:

" does this recipient exist in your domain"

Our Exchange says "No, bugger off" and their Exchange then sends the sender a "NDR" or an unable to to delivery report. would that be correct.
tigermattSite Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:
Your description of that is correct. The only thing I can see is that the remote mail server is trying to generate the NDRs without fully realising that the sender's mailbox doesn't exist there. Obviously the generated NDR will then bounce. If that is indeed the case, there isn't really a way to prevent it.

Commented:
May I add a thought? Why use NDRs anyway?

If a legitimate sender can't seem to get through, they will call. And this is what, 1% of NDR-type situations?

99% it's a spam sender, and by responding to them you only make things worse; Now they know there's an active email server behind that MX record they crawled from your ISP. They also know you're running Exchange server AND the exact version.

My humble opinion: disable NDRs altogether.
tigermattSite Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:
Disabling NDRs is a big no, no. As per the SMTP RFCs (which basically define how the SMTP protocol functions), any mail server which does not send an NDR to a sender if their message cannot be delivered is breaching these regulations. Any breach of them, particularly in today's environment, could quickly end up in a server being blacklisted, and this will cause more problems than the odd email loop will cause.

-tigermatt

Author

Commented:
Hi Wizzad,

All thoughts are welcome :)

We did discuss disabling NDRs when this issue happened the first time however it was decided against because of the fact that a legitimate sender would not be notified that their email didnt get through.

Thinking about it now though, in that situation, their Exchange would notify them that it was unable to pass the email through to us. Is my thinking correct?
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
tigermattSite Reliability Engineer
CERTIFIED EXPERT
Most Valuable Expert 2011

Commented:
wizzad, I completely agree with you, and in fact, I have NDRs disabled on my private Exchange Server. I've not been blacklisted as a result, but I would rather not, on a public site such as this, give inaccurate advice which other people may follow and could cause them even more headaches in the future. Further, in a business environment, the sending of an NDR could be the difference between a multi-million dollar contract and nothing... if you get what I'm saying! :-)

If you want clarification that disabling NDRs is a bad thing, check out the comment from Sembee (our top Exchange expert) in question http:Q_23223513.html#a21072601.

Thank you for participating in this thread, and please feel free to continue posting your comments.

Anyway, back to DorisOnline's question. If you have correctly enabled the Recipient Filtering option, then should a recipient not exist at your domain, Exchange will reject the message. As a result, no NDR is generated by your mail server, and it is up to the sender's server to generate the NDR. In this case, the only time NDRs will be used is if a recipient's mailbox actually exists at your domain, but there is a problem delivering mail to it - perhaps it is over its quota, for example.

You can check if recipient filtering is working by doing a spam test as per http://www.amset.info/exchange/spam-cleanup.asp. In step 10, provide a fake email address and then you should get the "Unable to relay" message as per the article.

-tigermatt
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.